At 9:00 am on 9/12/2022 the City of Eagle Mountain released the following press release
Eagle Mountain City
MEDIA STATEMENT
Contact: Tyler Maffitt, Communications Manager tmaffitt@emcity.org
Eagle Mountain City strengthens financial policies following cybercrime
On Aug. 31, 2022, Eagle Mountain City determined that it was the victim of an organized cybercrime, resulting in the loss of nearly $1.13 million.
This crime was orchestrated through an email impersonation wherein the individual(s) responsible were able to portray themselves as a representative of a vendor working closely with the City on a major infrastructure project.
Eagle Mountain City took immediate action, contacting the Federal Bureau of Investigation (FBI), Utah County Sheriff’s Office and the vendor within minutes of learning of the incident. Those affected have been cooperating with authorities.
Further investigation determined that the amount stolen was transacted through an Automated Clearing House (ACH) transfer. Since learning of the incident, Eagle Mountain City has spent significant time strengthening its financial policies regarding ACH payments.
These changes are designed to prevent similar incidents from occurring in the future and to implement an added layer of accountability for City staff when completing financial transactions.
The City previously prepared for the possibility of a cybercrime negatively impacting available financial resources by purchasing an insurance policy that deals directly with cybercrimes and attacks. Eagle Mountain City is working with the insurance company to be reimbursed for the loss.
The City wants to provide reassurance that no resident, client or vendor information was compromised in any way as a result of this incident.
Those affected will continue cooperating with investigators until the case has reached its conclusion. At this time no City or vendor employees are under suspicion of wrongdoing.
More Details
I reached out to Tyler Maffitt the Public Information Officer (PIO) for Eagle Mountain with a few follow-up questions.
What was the company that was being impersonated?
W.W. Clyde
How exactly did the hack occur, was the email address hijacked on the other companies’ side, or was a spoofed (look-alike) email address used?
It appears someone with intimate knowledge of the situation, either by hacking or some other method, was able to insert themselves in an ongoing email thread to pose as a representative of the vendor. That allowed them to convince our City staff to send the transfer to an account that did not belong to the actual vendor. This was an organized criminal activity.
What specifically is the city now doing to stop this type of thing from happening again, what checks have now been put into place?
Eagle Mountain City has been working with the Utah Local Governments Trust and our insurance provider to strengthen our policies around ACH transfers. It’s important to remember that this was a sophisticated cybercrime that the new policies we’ve implemented will seek to address and provide an added layer of accountability when completing these transactions. The public ought to be aware that Eagle Mountain City is regularly recognized for its financial transparency and reporting. We wanted to be as transparent as possible with this matter and reassure the public that our new policies are expected to prevent this from happening in the future.
You mentioned insurance, what is the city’s Deductible on something like this?
We will not be providing that information at this time.
Was there any internal action taken against the employee that was involved?
Eagle Mountain City does not comment on personnel matters.
I am guessing that this started with some type of Phishing attack, was the attack on the City side or the Vendor side?
This matter is under investigation. At this time it appears that the individual(s) responsible were able to insert themselves into an ongoing email thread between the City and the vendor. It was not a phishing attack as it’s common described.
Additional Information
It should be noted that WW Clyde has several contracts with Eagle Mountain City.
In 2022 WW Clyde was awarded the following bids.
2-15-2022 Eagle Mountain Blvd Widening Pre Construction – $35,700.00
5-17-2022 Eagle Mountian Blvd Widening – $9,034,884.75
Mike Kieffer is an IT geek by hobby and trade, with a BS in Information Systems & Technology. He is a proud father of 10, a grandpa, an author, a journalist, and internet publisher. His motto is to “Elevate, Inspire and Inform”, and he is politically conservative and a Christian. Mike has a passion for technology, writing, and helping others. With a wealth of experience, he is committed to sharing his knowledge with others to help them reach their full potential. He is known for his jackassery or his form of self-expression that encourages boldness, creativity, and risk-taking. It can be a way to push the boundaries and challenge traditional norms, leading to creative solutions and positive change.